Re: InjectDll method
rcbblgy


Joined: 23 Oct 2008
Posts: 33
Quote:
[1488] Error -
[1488] RtlWerpReportException failed with status code :-1073741772. Will try to launch the process directly
[1488]


I get this error too, when I use a 64-bit InjectDll whose code is the same as the 32-bit one.
The 32-bit DLL works perfectly, but the 64-bit DLL makes the x64 program crash.
I hook many APIs in the DLL, but finally I found that the "AttachThreadInput" hook causes the error: if I don't hook this function, the program runs well; if I hook it, the program crashes and DebugView shows me this error.
All of the APIs are hooked in the same way, so I don't know why the hook for "AttachThreadInput" causes the error.
tzuk


Joined: 22 Jun 2004
Posts: 15003
Try to run the program in a (64-bit) debugger to get a better sense of what's wrong. You can post the debugger log here and we can take a look at it together. If you need some quick starter for using the Microsoft windbg debugger, then take a look here:

http://www.sandboxie.com/index.php?HowToUseWinDbg

_________________
tzuk
rcbblgy


Joined: 23 Oct 2008
Posts: 33
tzuk wrote:
Try to run the program in a (64-bit) debugger to get a better sense of what's wrong. You can post the debugger log here and we can take a look at it together. If you need some quick starter for using the Microsoft windbg debugger, then take a look here:

http://www.sandboxie.com/index.php?HowToUseWinDbg


snipped. --tzuk
rcbblgy


Joined: 23 Oct 2008
Posts: 33
tzuk wrote:
Try to run the program in a (64-bit) debugger to get a better sense of what's wrong. You can post the debugger log here and we can take a look at it together. If you need some quick starter for using the Microsoft windbg debugger, then take a look here:

http://www.sandboxie.com/index.php?HowToUseWinDbg


Hello, tzuk, is that useful?
rcbblgy


Joined: 23 Oct 2008
Posts: 33
tzuk wrote:
Try to run the program in a (64-bit) debugger to get a better sense of what's wrong. You can post the debugger log here and we can take a look at it together. If you need some quick starter for using the Microsoft windbg debugger, then take a look here:

http://www.sandboxie.com/index.php?HowToUseWinDbg


This is my test x64 program's error info:

snipped. --tzuk
rcbblgy


Joined: 23 Oct 2008
Posts: 33
A question: how do I get the path where Sandboxie is installed?
tzuk


Joined: 22 Jun 2004
Posts: 15003
Thanks for the debug log. Here is the explanation. The machine code for the function user32!AttachThreadInput has been generated "within" (conceptually) the range that is used by the function user32!GetWindowFrameMetricInternal. The Microsoft compiler does that all the time, so there is nothing we can do about that.

Now the thing is that AttachThreadInput is a very small function. Hooking the function actually overwrites the machine code. So if the code placed by the hook is longer than the original code bytes for AttachThreadInput, then the result is that it actually "overflows" and overwrites parts of GetWindowFrameMetricInternal.

I hope I am explaining this reasonably well.

Sandboxie can overwrite with very short hook code (5 bytes) if the hooked function (AttachThreadInput) and the target function (in your DLL) are less than 2GB apart in memory. If they are farther away than this then Sandboxie needs to overwrite 12 bytes.

So the solution is simple, compile your DLL with a fixed base address that is in the lower 2GB range (because that is where USER32 gets loaded.) And that should shorten the hook code from 12 bytes to 5 bytes and should fix this problem.


Last edited by tzuk on Tue Nov 02, 2010 11:32 am; edited 1 time in total
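The sizing rule tzuk describes above, as an added illustration (this is not code from the thread or from Sandboxie): the patch length depends only on whether the hooked function and the hook target are within rel32 range of each other, and a patch longer than the hooked function spills into whatever was laid out after it. The addresses, the 8-byte function length and the function names in the comments are constructed; the 5-byte and 12-byte patch sizes are the ones stated in the post.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Patch sizes as described in the thread: a near "jmp rel32" (E9 + 4-byte
 * displacement) is 5 bytes; the far form used when the target is out of
 * rel32 range is 12 bytes. */
#define HOOK_NEAR_BYTES 5u
#define HOOK_FAR_BYTES  12u

/* The rel32 displacement is measured from the end of the 5-byte jmp and must
 * fit a signed 32-bit field, i.e. source and target are less than 2GB apart.
 * User-mode addresses are below 2^48, so the wrapped unsigned difference
 * cast to int64_t is the true signed distance. */
bool rel32_reachable(uint64_t hooked_fn, uint64_t target_fn)
{
    int64_t disp = (int64_t)(target_fn - (hooked_fn + HOOK_NEAR_BYTES));
    return disp >= INT32_MIN && disp <= INT32_MAX;
}

/* Bytes the hook must overwrite at the start of hooked_fn. */
unsigned hook_bytes_needed(uint64_t hooked_fn, uint64_t target_fn)
{
    return rel32_reachable(hooked_fn, target_fn) ? HOOK_NEAR_BYTES
                                                 : HOOK_FAR_BYTES;
}

/* True when the patch is longer than the hooked function itself and so
 * spills into the function the compiler placed next to it (in the thread:
 * AttachThreadInput overflowing into GetWindowFrameMetricInternal). */
bool hook_overflows(uint64_t hooked_fn, unsigned hooked_fn_len,
                    uint64_t target_fn)
{
    return hook_bytes_needed(hooked_fn, target_fn) > hooked_fn_len;
}

int main(void)
{
    /* Constructed values: USER32 mapped in the low 2GB, the DLL once at a
     * /FIXED low base and once relocated high; hooked function 8 bytes long. */
    const uint64_t attach_thread_input = 0x77A10000ULL;
    const unsigned fn_len = 8;
    const uint64_t targets[] = { 0x10000000ULL, 0x7FF6A0001000ULL };
    for (size_t i = 0; i < 2; i++)
        printf("target %#llx: hook %u bytes, overflow=%d\n",
               (unsigned long long)targets[i],
               hook_bytes_needed(attach_thread_input, targets[i]),
               hook_overflows(attach_thread_input, fn_len, targets[i]));
    return 0;
}
```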
tzuk


Joined: 22 Jun 2004
Posts: 15003
As for getting the Sandboxie installation directory: I do have an API for getting this information but it's not exported. For now hard code C:\Program Files\Sandboxie or whatever, I'll make this API accessible in the next beta build of Sandboxie.
rcbblgy


Joined: 23 Oct 2008
Posts: 33
Hi, tzuk, thanks a lot for your help, I get it. So I should compile the DLL with the /FIXED option, both the 32-bit DLL and the 64-bit DLL, is that right?

About getting the path of Sandboxie, I could maybe get it from the registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SbieSvc\ImagePath"; if Sandboxie is running, I think it will be OK.


I found this tool (http://www.sandboxie.com/phpbb/viewtopic.php?t=6128) will load the SbieDll when it runs, I don't know how it gets the DLL path. I use it all the time, but I am very sad to say, it doesn't work with v3.50.

Quote:

As for getting the Sandboxie installation directory: I do have an API for getting this information but it's not exported. For now hard code C:\Program Files\Sandboxie or whatever, I'll make this API accessible in the next beta build of Sandboxie.

If a sandboxed program could get the Sbie path, it would be very convenient for the InjectDll.

And my DLL is designed for v3.46 and v3.50, so I use LoadLibrary to get the HMODULE of user32.dll in the InjectDllMain function, but I should use GetModuleHandle for old Sbie versions. I want to know if there is any other difference between old and new versions? If there isn't, my DLL could also be used in old versions, is that right?


Last edited by rcbblgy on Tue Nov 02, 2010 2:41 pm; edited 1 time in total
rcbblgy


Joined: 23 Oct 2008
Posts: 33
Hi, tzuk, could you give me some suggestions about the Zemana keylogger test tool? I really don't know how to debug it to find out why my DLL can't block it, thanks.
tzuk


Joined: 22 Jun 2004
Posts: 15003
rcbblgy, you already asked me that and I declined. As you see, I do try to help you where the problems are related to Sandboxie. But you're asking me to spend 2-3 hours or more in the debugger to figure out how some keylogger test tool works, and I'm sorry, but no. I'm imagining a scenario where everyone drops by to ask me to debug their favorite problem that has little or nothing to do with Sandboxie. Try to understand.
rcbblgy


Joined: 23 Oct 2008
Posts: 33
tzuk wrote:
rcbblgy you already asked me that and I declined. As you see I do try to help you where the problems are related to Sandboxie. But you're asking me to spend 2-3 hours or more in the debugger to figure out how some keylogger test tool works, and I'm sorry, but no. I'm imagining a scenario where everyone drops by to ask me to debug their favorite problem that has little or nothing to do with Sandboxie. Try to understand.

Don't be angry, tzuk, you have misunderstood my meaning. I would not ask you to take time for my problem, I just need a few words of suggestion or direction about how you would do it if you did it. If you have no time to write these words, it does not matter, I will find the direction by myself.
tzuk


Joined: 22 Jun 2004
Posts: 15003
I'm not angry. But I'm also not familiar with key logging so I'm afraid I can't help you there.
rcbblgy


Joined: 23 Oct 2008
Posts: 33
tzuk wrote:
I'm not angry. But I'm also not familiar with key logging so I'm afraid I can't help you there.

With version 3.50, there is no "Sandboxie service stopped working" error, and the Zemana test tool can also be blocked on Win7 64-bit, but it still can't be blocked on XP 32-bit. I decided to leave it at that.
tzuk


Joined: 22 Jun 2004
Posts: 15003
In version 3.51.10, I added a new API to get the Sandboxie installation folder:

http://www.sandboxie.com/index.php?SBIE_DLL_API#HomePath
Sandboxie is Copyright © 2004-2012 by Sandboxie Holdings LLC.  All rights reserved.